
I have a file called generator.php that uses fwrite() to create a result.php on the server (Apache, PHP4).

One of the lines in result.php is a PHP include() statement.

So, in generator.php:

if (!is_file($fname)){
    $resultfile = fopen($current_path . "/" . $fname, "w+");
}
fwrite($resultfile, '<?php include($_SERVER["DOCUMENT_ROOT"] . "'. '/inc/footer.php"); ?>' . "\n");
fclose($resultfile);
chmod($current_path . "/" . $fname, 0755);  

And in result.php:

<h2>Sponsored Links</h2>
<!-- begin sidebar_top ad -->
<?php echo $_SERVER['DOCUMENT_ROOT'] . "/ads/sidebar_top.php" . "<hr />";
  include($_SERVER['DOCUMENT_ROOT'] . "/ads/sidebar_top.php"); ?>
<!-- end sidebar_top ad -->

But that include() statement doesn't work when I visit result.php in a browser. The echo statement does, so I know the path is correct.

Another test.php with the same code, which I uploaded using FTP into the same folder, works fine.

The code is the same in both files, when recovered via FTP.

In test.php: (works, echoes and includes correctly.)

<?php 
echo $_SERVER['DOCUMENT_ROOT'] . "/ads/sidebar_top.php" . "<hr />";
include($_SERVER['DOCUMENT_ROOT'] . "/ads/sidebar_top.php"); 
?> 

Any idea why the include() is working in test.php (created manually) and not in result.php (created using fwrite()), when both are in the same folder?

The only differences I know of between the files:

  1. Owner could be different (wouldn't result.php be created by user nobody?)
  2. Permissions are originally different. The FTP'd file (working) is 0775, while the ones created using fwrite() (include not working) had 664 and are chmoded by generator.php to 0775.
  3. Working test.php file was edited on a Mac with Smultron and uploaded via FTP, while result.php was created by fwrite() in generator.php on Linux, called from a browser.
Pranab
  • Have you tried downloading result.php with an FTP browser and manually checking that they are identical? Also, do you get any errors when you visit result.php (either on the page or in the log)? – Blair McMillan Nov 21 '09 at 01:01
  • I actually snipped 2 lines of the code from the result.php (by getting it through FTP) and created test.php. Also, if I replace 'include' by 'require' then it just stops at that sentence. – Pranab Nov 21 '09 at 02:42
  • Is the file closed before being executed? Also, can we see both generated files? – wallyk Nov 21 '09 at 00:58
  • Have added more code to the question. The code in the file that works looks exactly the same as the file that doesn't. – Pranab Nov 21 '09 at 03:24
  • Yes, the result.php file is executed much later, manually (via a browser). The contents seem to be same when checked via FTP. – Pranab Nov 21 '09 at 02:34
  • Yes, make sure you're calling fclose($fp) before trying to execute it. Also FTP the output file and manually check the contents. – Rob Nov 21 '09 at 01:06

2 Answers

fwrite($resultfile, '<?php include($_SERVER["DOCUMENT_ROOT"] . "/inc/footer.php"); ?>' . "\n");

You had an extra " in there, I think.

Question Mark

When PHP4 safe mode is on, the result.php, being written by another uid, cannot access the included file, which belongs to another uid.

SAFE MODE Restriction in effect. The script whose uid is 48 is not allowed to access /var/www/vhosts/example.com/httpdocs/ads/sidebar_top.php owned by uid 10010 in /var/www/vhosts/example.com/httpdocs/results/result.php on line 130

I resolved this by opening php.ini and changing to safe_mode_gid = On, and adding my includes directory to safe_mode_include_dir.

I also had to restart Apache to let the changes take effect.

Pranab
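
The safe mode decision behind the error message in the answer above, as an added example that is not part of the original posts and not PHP's own source: a simplified model of the owner check, safe_mode_gid, and the prefix matching used by safe_mode_include_dir. The uid values and paths are taken from the error message; the gid values, the ads_old path, and the function names are assumptions.

```php
<?php
// Simplified model of the PHP 4 safe mode include check; not PHP's own source.
// uid 48, uid 10010 and the paths come from the error message in the answer;
// the gid values and the ads_old path are constructed for illustration.

function safe_mode_verdict(array $script, array $target, bool $safeModeGid, array $includeDirs): string
{
    // safe_mode_include_dir entries are string prefixes, not directory names.
    // A match skips the UID/GID comparison entirely.
    foreach ($includeDirs as $prefix) {
        if ($prefix !== '' && strncmp($target['path'], $prefix, strlen($prefix)) === 0) {
            return "allowed (prefix '$prefix')";
        }
    }
    if ($script['uid'] === $target['uid']) {
        return 'allowed (same owner uid)';
    }
    if ($safeModeGid && $script['gid'] === $target['gid']) {
        return 'allowed (same gid, safe_mode_gid = On)';
    }
    return sprintf('blocked (script uid %d, file uid %d)', $script['uid'], $target['uid']);
}

// On a live host, build a record from the real file instead of constants.
function owner_record(string $path): array
{
    return ['path' => $path, 'uid' => fileowner($path), 'gid' => filegroup($path)];
}

$root   = '/var/www/vhosts/example.com/httpdocs';
$result = ['path' => "$root/results/result.php", 'uid' => 48, 'gid' => 48];      // written by Apache
$test   = ['path' => "$root/results/test.php", 'uid' => 10010, 'gid' => 2001];   // uploaded via FTP
$ad     = ['path' => "$root/ads/sidebar_top.php", 'uid' => 10010, 'gid' => 2001];
$stray  = ['path' => "$root/ads_old/x.php", 'uid' => 10010, 'gid' => 2001];

$cases = [
    'test.php, safe mode defaults'   => [$test, $ad, false, []],
    'result.php, safe mode defaults' => [$result, $ad, false, []],
    'result.php, safe_mode_gid only' => [$result, $ad, true, []],
    'result.php, include_dir "ads/"' => [$result, $ad, true, ["$root/ads/"]],
    'stray file, include_dir "ads"'  => [$result, $stray, true, ["$root/ads"]],
    'stray file, include_dir "ads/"' => [$result, $stray, true, ["$root/ads/"]],
];
foreach ($cases as $label => $args) {
    printf("%-34s %s\n", $label, safe_mode_verdict(...$args));
}
```

Because safe_mode_include_dir is compared as a string prefix, end each entry with a slash so that sibling directories with a similar name are not exempted from the UID/GID check as well. Safe mode itself was deprecated in PHP 5.3 and removed in PHP 5.4.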